Just a quick one on ABPs – there are many posts about this topic now, but there are few that mention how to resolve issues such as recipients not appearing in the list when they should be. In this case you need to ‘tickle’ (yes that’s the official Microsoft term) the objects to get them to play ball.<\/p>\n\n\n\n
ABPs seemed complex when I first looked at them, and my first introduction was with a tenant that had 20,000 user objects! We don’t get many opportunities to work with environments of this size in New Zealand, so it was a great job to get involved with. #dontmessitupmaaate!<\/p>\n\n\n\n
ABPs are most commonly used in large environments though, or where separation is needed. Examples of this are:<\/p>\n\n\n\n
Here is the code to create each ABP… I’m using my fictional company SB Enterprises which exists in a large multi-company tenant. Customattribute1 is used across the tenant to identify the objects related to a particular company with a three-letter-acronym. (this could be the Company attribute, or any other attribute as long as we can use it for filtering in the commands). For Meeting Room, Equipment, or Contact objects, those are created with the company TLA at the front e.g. SBE_MeetingRoom1. <\/p>\n\n\n\n
Firstly let’s connect to Exchange Online powershell:<\/p>\n\n\n\n
Connect-ExchangeOnline -UserPrincipalName insertadminupnhere<\/code><\/pre>\n\n\n\nNow let’s create some address lists to include in our policy:<\/p>\n\n\n\n
# this one contains all our recipients (users, groups, and shared mailboxes)\nNew-AddressList -Name \"SBE_AddressList\" -RecipientFilter \"(CustomAttribute1 -eq 'SBE')\"\n\n# this one contains our groups\nNew-AddressList -Name \"SBE_Groups\" -RecipientFilter \"(ObjectClass -like 'group') -and (CustomAttribute1 -eq 'SBE')\"\n\n# this one contains our shared mailboxes\nNew-AddressList -Name \"SBE_Shared Mailboxes\" -RecipientFilter \"(RecipientTypeDetails -eq 'SharedMailbox') -and (CustomAttribute1 -eq 'SBE')\"\n\n# this one contains our rooms\nNew-AddressList -Name \"SBE_Rooms\" -RecipientFilter \"(RecipientTypeDetails -eq 'RoomMailbox') -and (Name -like 'SBE_*')\"\n\n# this one contains our contacts\nNew-AddressList -Name \"SBE_Contacts\" -RecipientFilter \"(RecipientType -eq 'MailContact') -and (Name -like 'SBE_*')\"\n<\/code><\/pre>\n\n\n\nSweet as lemon pie! Now let’s get a list of all the objects that should be included in each list: <\/p>\n\n\n\n
\n$filter = (Get-AddressList \"SBE_AddressList\").recipientfilter\nGet-Recipient -ResultSize unlimited -RecipientPreviewFilter $filter | Out-GridView\n\n$filter = (Get-AddressList \"SBE_Groups\").recipientfilter\nGet-Recipient -ResultSize unlimited -RecipientPreviewFilter $filter | Out-GridView\n\n$filter = (Get-AddressList \"SBE_Shared Mailboxes\").recipientfilter\nGet-Recipient -ResultSize unlimited -RecipientPreviewFilter $filter | Out-GridView\n\n$filter = (Get-AddressList \"SBE_Rooms\").recipientfilter\nGet-Recipient -ResultSize unlimited -RecipientPreviewFilter $filter | Out-GridView\n\n$filter = (Get-AddressList \"SBE_Contacts\").recipientfilter\nGet-Recipient -ResultSize unlimited -RecipientPreviewFilter $filter | Out-GridView<\/code><\/pre>\n\n\n\nLooking good? Now let’s create the Global Address List and the Offline Global Address List:<\/p>\n\n\n\n
# the global address list has it's own filter for all SBE objects\nNew-GlobalAddressList -Name \"SBE_GlobalAddressList\" -RecipientFilter \"(CustomAttribute1 -eq 'SBE') -or (Name -like 'SBE_*')\"\n\n# the offline address list includes the address lists we created\nNew-OfflineAddressBook -Name \"SBE_OfflineAddressList\" -AddressLists \"SBE_AddressList\",\"SBE_Groups\",\"SBE_Shared Mailboxes\",\"SBE_Rooms\",\"SBE_Contacts\"\n<\/code><\/pre>\n\n\n\nGreat! Now we can create the Address Book Policy using all of the above:<\/p>\n\n\n\n
New-AddressBookPolicy -Name \"SBE_ABP\" -AddressLists \"SBE_AddressList\",\"SBE_Groups\",\"SBE_Shared Mailboxes\",\"SBE_Contacts\" -OfflineAddressBook \"\\SBE_OfflineAddressList\" -GlobalAddressList \"\\SBE_GlobalAddressList\" -RoomList \"\\SBE_Rooms\"<\/code><\/pre>\n\n\n\nDone! Well almost – we have to assign it to the users… I recommend assigning to a pilot group first to get some feedback in case of any issues. When ready, use this command to assign the ABP to all applicable users:<\/p>\n\n\n\n
$SBE_ABP = Get-Mailbox -ResultSize unlimited -Filter \"(RecipientTypeDetails -eq 'UserMailbox') -and (CustomAttribute1 -eq 'SBE')\"; $SBE_ABP | foreach {Set-Mailbox -Identity $_.Identity -AddressBookPolicy 'SBE_ABP'}<\/code><\/pre>\n\n\n\nNow, there are several things that can make it seem like things are not working, but I can tell you 99% of the time you just have to wait. It’s the old ‘cloud time phenomenon’ where things may take from 1 to 48 hours to take effect 🤣🤣🤣.<\/p>\n\n\n\n
The most common issue I have come across <\/strong>is someone in the pilot group pointing out that someone or something is missing from the GAL. This is due to the object not being processed when the Address List was created. It should be a member of the filter; and it is upon object creation or update that membership of address list filters is determined. <\/p>\n\n\n\nThis is where ‘tickling’ comes in. You need to change something i.e. any attribute of the offending object, then change it back again.<\/p>\n\n\n\n
You can do this in the portal for a single object (e.g. change the last name one letter, save, then change it back again)… but seeing as I know this problem exists, I now do this as part of the initial setup so I don’t have to deal with it later. <\/p>\n\n\n\n
Let’s run this to change an attribute – I’ve checked all objects Customattribute5 is blank, so I can use it for this purpose (you don’t have to use tickle obviously, any value will do):<\/p>\n\n\n\n
\n# get the users we want to 'tickle'\n$users = Get-User -ResultSize unlimited -Filter \"Customattribute1 -eq 'SBE'\"\n\n# tickle them by modifying a value (make sure the value was null for all objects beforehand)\nforeach ($user in $users) {\n\n $id = $user.DistinguishedName\n Set-Mailbox $id -CustomAttribute5 \"tickled\"\n}\n\n# then return the value to null\nforeach ($user in $users) {\n\n $id = $user.DistinguishedName\n Set-Mailbox $id -CustomAttribute5 $null\n}<\/code><\/pre>\n\n\n\nAnd voila, the object now appears on the list (taking into account the ‘cloud time phenomenon’ mentioned above).<\/p>\n\n\n\n
As always, thanks for coming dudes & dudettes! ✌🍻✌<\/p>\n
<\/div>